---
title: Run a node for Taiko Alethia from source
description: This guide will help you run a node for the Taiko Alethia network.
---

import {
  Aside,
  Card,
  Steps,
  Tabs,
  TabItem,
} from "@astrojs/starlight/components";

This tutorial explains how to run a node for Taiko Alethia from source code.

## Building the Source Code

Please follow the [Building a Node from Source](/guides/node-operators/build-a-taiko-alethia-node-from-source) guide before continuing.
This guide presumes you have built the required images already (`taiko-geth` and `taiko-client`).

## Hardware Requirements

These are the recommended specs of a [mainnet Geth node](https://geth.ethereum.org/docs/getting-started/hardware-requirements); the actual requirements may be lower.

-       16GB RAM
-       2TB SSD
-       Quad-core CPU

Node operators should plan for future storage needs as the requirements will grow continuously.

### Create a JWT Secret

`taiko-geth` and `taiko-client` communicate over the standard Ethereum engine API authrpc. This communication is secured using a shared secret.

You will need to generate a shared secret in the form of a 32 byte hex string.

```bash
openssl rand -hex 32 > jwt.txt
```

### Start `taiko-geth`

It's generally better to start `taiko-geth` before you start `taiko-client` as you will encounter less error messages.

`taiko-geth` can be started without `taiko-client` and will wait until `taiko-client` begins communicating.

<Steps>

1.  Navigate to your `taiko-geth` directory

    Find the directory where you built the `taiko-geth` binary.

2.  Copy the JWT secret you generated into the `taiko-geth` directory.

    ```bash
    cp /path/to/jwt.txt .
    ```

3.  Start taiko-geth

        Use the following command to start `taiko-geth` in a default configuration.
        The JSON-RPC API will become available on port 28545.

        ```bash
            ./build/bin/geth \
                --taiko \
                --networkid 167000 \
                --gcmode archive \
                --datadir ./data/taiko-geth \
                --metrics \
                --metrics.expensive \
                --metrics.addr "0.0.0.0" \
                --bootnodes enode://7a8955b27eda2ddf361b59983fce9c558b18ad60d996ac106629f7f913247ef13bc842c7cf6ec6f87096a3ea8048b04873c40d3d873c0276d38e222bddd72e88@43.153.44.186:30303,enode://704a50da7e727aa10c45714beb44ece04ca1280ad63bb46bb238a01bf55c19c9702b469fb12c63824fa90f5051f7091b1c5069df1ec9a0ba1e943978c09d270f@49.51.202.127:30303,enode://f52e4e212a15cc4f68df27282e616d51d7823596c83c8c8e3b3416d7ab531cefc7b8a493d01964e1918315e6b0c7a4806634aeabb9013642a9159a53f4ebc094@43.153.16.47:30303,enode://57f4b29cd8b59dc8db74be51eedc6425df2a6265fad680c843be113232bbe632933541678783c2a5759d65eac2e2241c45a34e1c36254bccfe7f72e52707e561@104.197.107.1:30303,enode://87a68eef46cc1fe862becef1185ac969dfbcc050d9304f6be21599bfdcb45a0eb9235d3742776bc4528ac3ab631eba6816e9b47f6ee7a78cc5fcaeb10cd32574@35.232.246.122:30303 \
                --authrpc.addr "0.0.0.0" \
                --authrpc.port 28551 \
                --authrpc.vhosts "*" \
                --authrpc.jwtsecret ./jwt.txt \
                --http \
                --http.api admin,debug,eth,net,web3,txpool,miner,taiko \
                --http.addr "0.0.0.0" \
                --http.port 28545 \
                --http.vhosts "*" \
                --ws \
                --ws.api admin,debug,eth,net,web3,txpool,miner,taiko \
                --ws.addr "0.0.0.0" \
                --ws.port 28546 \
                --ws.origins "*" \
                --gpo.defaultprice "10000000" \
                --port 30304 \
                --syncmode full \
                --state.scheme=path
        ```

</Steps>

### Start `taiko-client`

This guide assumes you are running both `taiko-geth` and `taiko-client` on the same machine.

If you aren't, you can configure the ports and addresses so that the services can access each other.

<Steps>
1. Navigate to your `taiko-client` directory

    Find the directory where you built the `taiko-client` binary.

2.  Copy the JWT secret

    <Aside>
      This should be the *same* JWT secret you used in the previous step for
      `taiko-geth`.
    </Aside>

    ```bash
    cp /path/to/jwt.txt .
    ```

3.  Set environment variables

    The following URLs should be an Ethereum node.

    You will need either an RPC provider, or run a full Ethereum node yourself.

    ```bash
    export L1_WS=...  # the WS address for the node to sync from.
    export L1_BEACON_URL=... # URL address for the L1 Beacon-node HTTP endpoint to use.
    ```

4.  Start taiko-client

        Use the following command to start `taiko-client` in a default configuration.

        You can find all other configurable flags by running `./bin/taiko-client driver`.

        This command assumes you've run the `taiko-geth` command as is, if you've changed ports please change them accordingly.

        <Aside type="tip">
        If you wish to enable a node without joining the preconfirmations p2p network, simply **remove all `p2p` and `preconfirmation` flags with the exception of `--p2p.sync` and `--p2p.checkPointSyncUrl`.**

        Please note that your node's chainhead will not be up-to-date with the preconfed blocks if you do not join the p2p network.
        </Aside>

        ```bash
            ./bin/taiko-client driver \
                --l1.ws ${L1_WS} \
                --l2.ws ws://localhost:8546 \
                --l1.beacon ${L1_BEACON_URL} \
                --l2.auth http://localhost:8551 \
                --taikoInbox 0x06a9Ab27c7e2255df1815E6CC0168d7755Feb19a \
                --taikoAnchor 0x1670000000000000000000000000000000010001 \
                --preconfirmation.whitelist 0xFD019460881e6EeC632258222393d5821029b2ac \
                --preconfirmation.serverPort 9871 \
                --jwtSecret ./jwt.txt \
                --p2p.sync \
                --p2p.checkPointSyncUrl https://rpc.mainnet.taiko.xyz \
                --p2p.bootnodes enode://c263741b17759f3850d24d67d6c3cbc307c73e17d80c6b12a63a4792a10529d1125d00ecf7ef4c9b0dc51d28b94dfc1b8798fb524f61a1f93946748649f73b23@34.142.239.251:4001?discport=30304,enode://2f37c3affd83274b262fa2a259d32d41510dd5a48d6e916696efe7f1598cb3f905305f5989e7b6607aab50697fb2e52cb4b6904116ed67cc5fcea1e6d66ccaba@35.247.159.156:4001?discport=30304,enode://dd83dedeff622ecfca0c5edf320266506c811539a553ddd91589cdfcc9bbd74d0d620f251d8d5e1180f19a446abbdd8b6b5301e9aa6cbad35cfd9716f80f2416@34.126.90.255:4001?discport=30304 \
                --p2p.listen.ip 0.0.0.0 \
                --p2p.useragent taiko \
                --p2p.listen.tcp 4001 \
                --p2p.advertise.tcp 4001 \
                --p2p.listen.udp 30303 \
                --p2p.advertise.tcp 30303 \
                --p2p.peerstore.path /node-keys/peerstore \
                --p2p.discovery.path /node-keys/discv5 \
                --p2p.advertise.ip ${YOUR_EXTERNAL_IP} \
                --p2p.priv.raw ${PRIVATE_KEY}
        ```
        <Aside type="danger">
        `YOUR_EXTERNAL_IP` should be **publicly accessible** from the internet, at the UDP and TCP ports you advertise from. If it is not, your node will not join the P2P network correctly.
        </Aside>

        If you do not wish to set an external IP manually, you may instead replace the `--p2p.listen.tcp` and all lines after in the above command with `--p2p.nat`. This will automate discovery, and you do not need to manually set ports.

        We **highly recommend** that you configure these manually.

        Your node also needs a private key set to acquire a stable peer ID. (`--p2p.priv.raw`) This private key should be unique to each node: if you are running multiple, please use different ones for each node. **This private key does not need to hold eth or any valuables, it is simply to persist an identity.**

        You may alternatively set `--p2p.priv.path`, which should be a path to a file that contains the hex-encoded 32-byte private key for the peer ID. We recommend using `--p2p.priv.raw` for simplicity.

</Steps>

<Aside>
  The method to find your external IP can differ depending on your setup. For a
  personal machine, `curl ifconfig.me` might suffice; if you are running your
  node through Kubernetes you will need to set a static IP for your LoadBalancer
  service as pod IPs change on recreation. If you run into issues doing this,
  please reach out to us on
  [Discord](https://discord.com/channels/984015101017346058/1117285651394600960)!
</Aside>

### Ensure that the relevant ports are open on your machine

Whether you are running the node on a personal machine or a cloud provider's machine, you should ensure your the following ports on your machine are open and visible from the internet at your external IP: - TCP `4001` OR whichever port you set `--p2p.advertise.tcp` to. - UDP `30303` OR whichever port you set `--p2p.advertise.udp` to.

These ports **are required for p2p gossiping preconfirmed blocks**, so if it is not set you will only subscribe to the events that are emitted on chain. You may need to add additional port-forwarding rules in your firewall/router to enable discovery from the internet.

### Ensure that your node has joined the P2P network

To ensure that your node is actually configured correctly and has joined the P2P network for preconfirmations, please use `grep` to find logs regarding `peer tick`. You should find something that resembles the following:

```
INFO [07-30|18:37:38.168] Peer tick                                peersLen=4 peers="[...]" addrInfo="[...]" id=... advertisedUDP=52700 advertisedTCP=4001 advertisedIP=...
```

As long as `peersLen=X` is greater than or equal to 6, your node should have joined the P2P network correctly! If it is below that, please reach out to us on Discord for troubleshooting help.

### Syncing

Once you've started `taiko-geth` and `taiko-client` properly you should see them communicate with each other and start syncing.

Syncing can take several hours, depending on the size of the chain.

## Next Steps

<Card title="Troubleshooting" icon="error">
  If you run into any problems, please visit the [troubleshooting
  page](/guides/node-operators/node-troubleshooting) for help.
</Card>
